Disabling password-based authentication in Lubuntu

WARNING! This guide should only be used if you are certain that the security implications are not a problem for you. Running a system with no password or with the ability to bypass a password is generally a very bad idea. Proceed at your own risk.

Usually, you will want to run Lubuntu with a user password in place. A password helps prevent unauthorized users from easily gaining access to the system, and can help mitigate the affects of malicious software in some instances. However, in some setups, it is desirable to run a system with no password, or to be able to access part or all of the system without the password. In this guide, we will cover various ways of disabling password-based authentication in Lubuntu.

Enabling autologin

If you don’t want to type your password when you first turn your system on, you can enable autologin. This will cause the system to boot directly into a working desktop environment when you turn it on, without requiring any authentication. This can be convenient if you are already securing your system in some other way, such as by using full disk encryption.

The Calamares installer used by Lubuntu supports enabling autologin at install time. To do so, simply check the “Log in automatically without asking for the password” box on the “Users” screen.

If you have already installed Lubuntu, and want to enable autologin on your installed system, run sudo nano /etc/sddm.conf, and ensure that it has the following contents:


Replace your_username_here with your username. Once you have modified the file, press Ctrl+S to save, followed by Ctrl+X to exit.

Autologin only bypasses the password when you first turn the computer on. You will need to provide a password to unlock the screen, use sudo, or perform certain administrative tasks.

Passwordless sudo

If you need to be able to gain admin privileges on your system without a password, you can enable passwordless sudo access. This will allow you to use the sudo command without providing a password, and administrative tasks that would usually prompt for a password can be done without authentication.

WARNING! These instructions guide you through editing the sudoers file. Be careful, as an incorrectly configured sudoers file could make it very difficult to gain admin privileges on your system.

To enable passwordless sudo, first run sudo su - in a terminal and provide your password. This will give you a root shell that you can use to recover if you make a mistake while editing the sudoers file. We will also use this shell to edit the sudoers file.

Next, run cp /etc/sudoers /etc/sudoers.bak in the root shell so you can recover if you change the sudoers file incorrectly.

Next, run visudo in the root shell. This will open a text editor that allows you to change the sudoers file.

Find the line that starts with %sudo. Move your cursor to this line, and press Ctrl+K to cut the line. Then move your cursor to the very bottom of the file (underneath the line that starts with @includedir, and press Ctrl+U to paste the line.

Next, modify the line so that it looks like this:


Finally, press Ctrl+S to save, and Ctrl+X to exit. At this point passwordless sudo should be enabled.

Without closing the root shell, open a new QTerminal window, and run sudo su - in it. If you were successful, you should be given a root shell without needing to type your password.

If you are not given a root shell without a password, go back to the root shell you still have open, and run mv /etc/sudoers.bak /etc/sudoers to restore your backup copy of the sudoers file. Then run cp /etc/sudoers /etc/sudoers.bak to make a new backup, and then run visudo again to try to edit the file again. Do not close the root shell until you are able to open a root shell in a different QTerminal window without a password.

Once you have passwordless sudo working, you can safely close the root shell. Leave the /etc/sudoers.bak file so that you can restore it in the future if necessary.

Enabling passwordless sudo only bypasses the password when you are performing certain administrative tasks or using the sudo command. You will still need to provide your password in order to log in and in order to unlock your screen. You can combine these instructions with the autologin instructions above if you want to disable your password in both places (though you will still need your password to unlock the screen if you do this).

Deleting the password entirely

If you really want absolutely no password on your system, you can delete your password altogether. This will totally remove password-based authentication everywhere - you will be able to log in without a password (though unless autologin is enabled you will still need to press Enter to log in), you won’t be asked for a password when performing administrative tasks or using sudo, and the screen locker will unlock your screen upon moving the mouse or pressing a key. This is extremely insecure in most environments, and is highly recommended against.

To delete the password for your user, run the following command in QTerminal:

sudo passwd -d your_username_here

Replace your_username_here with your username. Then provide your password. This will delete your password from the password database and disable password-based authentication everywhere.